4.12 The Data Privacy Set of rules

The following set of rules deals with privacy-related issues. Many content providers offer pay-per-view channels as part of their services. From a technical point of view, this implies having a Key Server that encrypts the stream with a symmetric encryption key and delivers that key to authorized members only. However, this is not enough: it is crucial that the Key Server renews the encryption key after the expiration of a peer’s authorization period, so that the peer can no longer decrypt the stream (this feature is called forward secrecy). In addition, to be on the safe side, the Key Server should renew the encryption key after a peer purchases an authorization period (if the key remained the same, the peer might decrypt previously captured stream packets for later viewing). This renewal process is not trivial and is carried out by a secure multicast protocol. To alleviate the overhead incurred by avalanches of peers entering and leaving the authorized group (for example, at the beginning of a high-interest event such as the Olympics), key renewal can be performed in batches, i.e. renewing the key at a given fixed frequency rather than on a per arrival/exit basis. Finally, key renewal messages should be authenticated by means of a digital signature or other alternative methods [20].

Many secure multicast protocols exist in the literature, for example [25,15,28,27]. Here we suggest the implementation of a protocol by Naranjo et al. [18]. In it, every authorized peer receives a large prime number from the Key Server at the beginning of its authorization period (this communication is done over a secure channel, for example SSL/TLS). For every renewal, the Key Server generates a message containing the new key by means of algebraic operations: all the authorized primes are involved in this message generation process, and the key can only be extracted from the message by a peer with a valid prime. This protocol is efficient and suits the P2PSP architecture in a natural way: every splitter can act as a Key Server for its own team. Hence, the stream would first be transmitted among splitters (possibly encrypted with a different key, shared by the splitters). Within each team, the corresponding splitter would control the encryption and key renewal process.
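The renewal behaviour described in this section can be sketched as follows. This is an added example, not code from P2PSP or from [18]: it uses a simplified modular-inverse construction in which one multicast value yields the key only to holders of a currently authorized prime, with joins and expiries applied in batches at each renewal. The construction itself, the names `KeyServer` and `extract_key`, and the sample primes are assumptions, and signing of the renewal message is omitted.

```python
import hashlib
import math
import secrets

# Simplified illustration, not the exact protocol of [18]. Constructed sample
# primes (Mersenne) stand in for the large random primes a Key Server issues.
SAMPLE_PRIMES = {"alice": 2**89 - 1, "bob": 2**107 - 1, "carol": 2**127 - 1}

def derive_key(delta: int) -> bytes:
    """Turn the recovered integer into a 256-bit symmetric stream key."""
    return hashlib.sha256(delta.to_bytes(32, "big")).digest()

class KeyServer:
    """Splitter-side role: tracks authorized primes and rekeys in batches."""

    def __init__(self):
        self.primes = {}    # peer -> prime folded into the next renewal
        self.pending = []   # queued (peer, prime) joins and (peer, None) expiries
        self.key = None     # current stream key

    def authorize(self, peer, prime):
        # The prime would be handed to the peer over TLS; here it is only queued.
        self.pending.append((peer, prime))

    def expire(self, peer):
        self.pending.append((peer, None))

    def rekey(self) -> int:
        """Apply the queued batch, pick a fresh key, return the multicast value u."""
        for peer, prime in self.pending:
            self.primes.pop(peer, None)
            if prime is not None:
                self.primes[peer] = prime
        self.pending.clear()
        product = math.prod(self.primes.values())
        # delta is below every authorized prime, so delta mod prime == delta.
        delta = 2 + secrets.randbelow(min(self.primes.values()) - 2)
        self.key = derive_key(delta)
        return pow(delta, -1, product)   # u * delta == 1 (mod product)

def extract_key(u: int, prime: int):
    """Peer side: invert u modulo the peer's own prime to recover delta."""
    try:
        return derive_key(pow(u, -1, prime))
    except ValueError:   # u not invertible modulo this prime: nothing recovered
        return None
```

A peer whose prime was dropped from the product, or was never in it, inverts `u` modulo its own prime and obtains an unrelated integer, which is why both expiry and purchase have to be followed by a renewal.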